Share this:

As those who visit our home page may have noticed we have a section where we note the countries with the worst IP reputation. We divide it up between big countries and small ones and determine the relative badness by calculating the proportion of the country's reported IP addresses that are bad.

Share this:

Johannes Ullrich, Dean of Faculty and Chief Research Officer at SANS Institute and founder of DShield (full disclosure: also advisor to ThreatSTOP), will give a talk on the ever-changing threat landscape and how to detect existing breaches, protect against botnets and advanced persistent threats, and safeguard your data. It will be at a lunch and learn event jointly sponsored by ThreatSTOP and the Orange County IT Executive Round Table on April 26, at Newport Beach, CA. Registration is FREE for qualified IT security professionals. Come enjoy great food, learn something and connect with your peers. For more info, go here.

Share this:

Since the Internet is nearly out of IPv4 addresses, people are finally getting serious about using IPv6. As people start deploying IPv6 we will find new bugs and loopholes that crooks can exploit. Holes like this one that mean that a bot on a network could act as the "man in the middle" for everyone else nearby.

Share this:

One thing we often note is that many bad IP addresses are recidivists. One day they are seen doing one bad thing, a week later they do something different. A good example are the various IP addresses implicated in the current LizaMoonSQL injection attack. Almost all the addresses were already known to us - in the 'Russian Business Network' feed at least - and some had quite a considerable history. Hence ThreatSTOP subscribers could have been protected against this attack, however not every ThreatSTOP subscriber will be using a block list with the RBN feed in it so we have also added the addresses to Emergency Feed which is downloaded by all our subscribers.